Browse our certifications
Find training
Open page navigation

1. Introduction

The APM Group Limited (“APMG”, “us”, “we”, “our”) is committed to protecting and respecting your data privacy. We want you to know how we use and protect your personal information. This includes informing you of your rights regarding your personal information that we hold.

This Privacy Policy sets out how we may use, process and store your personal data. Personal data is any information that can be used to identify or be reasonably associated with a specific person.

We need your personal data in order to deliver contractual/legal obligations you may have with us or our business partners or to allow us to provide you our services. In other cases, we will collect that information from you with your permission and consent.

Where APMG provides services to you on its own behalf (such as when you use our websites or purchase an examination from us), APMG is the “Controller” for all the personal data collected.

Where APMG is issuing a SFIA digital badge via the Credly platform, on behalf of a SFIA Licensed Assessment Partner, APMG is the "Processor" for the digital administration and the Licensed Partner responsible for your assessment and certification is the "Controller".

2. Laws and Regulations

The laws that govern personal data in the UK are:

  • the Data Protection Act 2018 and
  • the United Kingdom General Data Protection Regulation (UK GDPR)
  • the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (EU GDPR).

The independent authority that upholds information rights in the public interest in the United Kingdom is the Information Commissioner’s Office (the “ICO”). Further information can be found at https://ico.org.uk.

Our registration details with the ICO are as follows:-

  • The APM Group Limited                Z6934466             

Please note these regulations apply to all APMG offices and to everyone we do business with who have access to personal information through APMG. These regulations are not restricted to UK citizens.

3. Company Details

This is APMG’s registered address, company number and contact information:

The APM Group Limited
Sword House
Totteridge Road
High Wycombe
Buckinghamshire
HP13 6DG

Email:  dataprivacy@apmgroup.co.uk

Phone: +44 (0) 1494 452450

 

Our EU office is:-

APMG Benelux

Unit 1.15 BusinessCenter Sputnik

Sputnik 20

3824 MG Amersfoort

If you have questions, comments, or complaints about this Privacy Policy, please contact us using the details above.

4. Personal information we may collect from you

APMG may collect information from you because we have a legal reason (allowed by law or under contract) to collect the information, or because you have consented for us to do so for a specific purpose, or we have a legitimate interest.

Information you give us

You may give us information about you with your consent or as required for you to use our services, for example:

  • Information you provide to create an account with us
  • The forms, emails, and other communications that you send us or otherwise contribute, such as support inquiries or posts to our message boards or forums. Please be aware that information on public parts of our websites and online platforms is available to others
  • Your marketing preferences
  • Information you share with us in connection with surveys or promotions
  • Information you share with us by applying for a job at APMG
  • Information you submit to us at a conference, exhibition or online event

This information may be personal, financial, educational, or related to your employment history.

Sometimes we require you to provide us with information for legal reasons, such as to enter into a contract with us, when you are buying exams, assessments or other goods or services from us, or when you are applying for a job at APMG.

If you are a trainer, facilitator or invigilator accredited or approved by APMG, the Trainer, Facilitator, Invigilator Data Protection Statement, outlining the processing of your data, is available on the APMG Network and/or via your sponsoring ATO.

Information obtained from other sources

If you purchase an APMG exam from one of our business partners or training providers, they may provide us with certain personal information about you (such as your name and email address) to allow us to provide services to you. The privacy policy of the applicable business partner / training provider will control how they use your information and share this information with us. Make sure you are comfortable with their privacy terms by reviewing their privacy policy.

If you have earned a SFIA digital badge through one of our Licensed Partners, they may provide us with certain personal information (such as your name and email address) to allow us to provide the services to you.

Information obtained from your use of our services

When you use our services, we collect information about your activity on and interaction with our websites and/or online platforms, such as your IP address, your device and browser type, your preferences, the web page you visited prior to coming to our website and/or online platform, and information about how you interact with our websites and/or online platforms.

Some of this information is collected automatically using cookies and similar technologies when you use our services. You can read more about our use of cookies in Section 5 below.

Websites and Online Platforms usage information

We use a third-party service, Google Analytics, to collect standard website performance information.  This information is processed in a way that it does not identify individuals. Web usage information is collected by our web server and from other sources including search engines, internet service providers, page tagging techniques including JavaScript, and cookies. We use IP addresses to analyse trends, track users' movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

If you visit one of our websites or use one of our online platforms, we may automatically collect information about you, for example:

  • IP addresses
  • Information about the technology you use to connect to our website and/or online platform
  • What parts of our website or online platform you click on and how long you look at our website or online platform.

As well as the information that you provide, we receive and store a range of website and online platform usage information whenever you use one of our websites or online platforms. If we want to collect personal information, we will be clear and specific why we require this information and ask you to opt-in.

We use this to:

  • assess the effectiveness of marketing campaigns
  • develop and deliver services and information that better meet your needs
  • inform you of events, services, and products which we believe to be relevant to you, where you have consented to be contacted for such purposes.

We also use Matomo to track website use trends using anonymous IP addresses.  This raw data is kept for 24 months to create reports but is not attributable to an individual.

Live Chat Services (APMG Live Chat)

This service allows you to chat live with us or one of our support agents in order to facilitate your navigation of any of our websites or online platforms.

APMG use the chat function of Chatlio,1329 N 47th ST #31231, Seattle, WA 98107, USA.

Messages and other information entered into the Chatlio chat window by yourself and/or APMG or its sub-contractors are sent to APMG via Slack, a service of Slack Inc., 500 Howard Street, San Francisco, CA 94105, United States. Chatlio uses cookies to identify recurring visitors and uses your location data to provide an indication as to where you are from to our support team.

We collect and process personal information about you with your consent and/or as necessary to perform our contractual obligations, provide our services, meet our legal obligations, protect the security of our systems, or fulfil other legitimate interests. When engaging in a live chat session with one of our support agents or staff members, APMG, Slack and Chatlio may store the following information:

  • Name
  • Email Address
  • Candidate Number (if applicable)
  • Browser
  • Operating System
  • Page URL on which a chat was initiated
  • Local Time
  • Location
  • Agent Ratings
  • Any other personal information you may provide in your messages to us

By using our live chat, you agree to Chatlio's and Slack’s methods of storage and use of data. For further information, please refer to the privacy policy of Chatlio: https://chatlio.com/legal/privacy-policy and Slack: https://slack.com/privacy-policy.

APMG Technical Helpdesk

Support calls are recorded to ensure that end user’s data security and rights are not breached during a support call.  These recordings are removed after 90 days.  It is in the legitimate interests of the individual for us to have a recording of such events so that we can investigate any claims of misconduct or unsatisfactory service.

APMG Communications

APMG use an email/marketing automation platform to send communications to our accredited organisations and trainers and newsletters to newsletter list recipients.  We collect and process information about you if you sign up on our website to receive newsletters or provide consent to receive marketing in the candidate portal.  You can withdraw your consent to receive newsletters at any time by clicking on unsubscribe in the newsletter or by changing your marketing preferences in the candidate portal

APMG may also send communications to candidates to ask for feedback after they have sat an exam in order for us to gain insight on how we can improve our services.  Survey responses are captured using Survey Monkey https://uk.surveymonkey.com/mp/legal/privacy/

APMG uses the automated platform Mailchimp. 

Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States.  For further information, refer to their Privacy Policy at https://mailchimp.com/legal/privacy/ 

Social Media Campaigns

APMG runs social media campaigns using third party platforms to record media, edit and host.  These platforms include LinkedIn and YouTube. Participants of social media campaigns have provided APMG with consent to capture their images and testimonials and edit these for various campaigns.   

5. Cookies

Our websites (including apmg-international.com, apmg-businessbooks.com and ppp-certification.com) and online platforms (including the APMG Learning Platform and the APMG Candidate Portal) puts small files (known as “cookies”) onto your computer to collect information about how you use our site.

Cookies are used to:

  • measure how you use the website / online platform so it can be updated and improved based on your needs
  • remember the notifications you’ve seen so we don’t show them to you again

APMG websites and online platforms do not use cookies to identify you personally, but to gain useful knowledge about how the site is used so we can keep improving it for our users. 

You will normally see a message appear on the site before we store a cookie on your computer.

Find out more about how to manage cookies by visiting www.aboutcookies.org or www.allaboutcookies.org.

How we use cookies on our websites

Measuring website usage

APMG websites and online platforms use Google Analytics to collect data that we use to improve your experience of our sites and platforms.

The cookies we use on websites are:

Name Purpose Duration
_ga Used to distinguish users. 2 year
_gid Used to distinguish users. 24 hours
_gat Used to throttle request rate. 1 minute
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. 30 seconds to 1 year
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt out. Learn more. 90 days

Read the Google Analytics privacy document (available at https://support.google.com/analytics/answer/6004245) for more details about the data collected by Google Analytics. To opt out from Google Analytics visit: https://tools.google.com/dlpage/gaoptout 

Our Introductory Message

Our Introductory Message

We are legally obliged to tell you that we use cookies on our sites and online platforms and gain your consent to their use. We do this via a pop-up message when you first visit our website or online platform. We store a cookie on your computer so that we know that you have acknowledged the pop-up and the site knows not to show it again:  

 

Name Purpose Duration
cookie-agreed Records whether or not the cookie’s notification pop-up has been acknowledged by the user 11 months

Content Management System

We use the Drupal content management system on our websites and online platforms, which also sets a number of cookies:

has_js Allows the website to determine whether your browser is javascript compatible Browser session
SESSxxxx Used to determine whether the user is already logged on to the site 23 Days

How we use cookies on our online platforms

For further information on the use of Cookies on all APMG-International online platforms please see APMG Cookie Policy

 

Google AdWords

Google Analytics allows us to record information about the page a user has seen on our website, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages / interactions with the website.

Important: Google Analytics does not store any personal information about website users. Please refer to the Google Analytics privacy document for more details.

Information about how visitors can opt out of Google’s use of cookies can be seen at  Google’s Ads Settings.

Third Party Cookies

First-party cookies are those that we set for our websites and online platforms; third party cookies are cookies that originate from different websites. We do not control the setting of third-party cookies, so if you are concerned you should check the policy on the third-party website.

An example of a third-party website we use is YouTube. We have a number of videos on apmg-international.com and although we own (or have permission to use) them, the video content is actually streamed from YouTube. You may therefore receive a YouTube cookie if you view one of our videos.

6. Children

We believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 16 years of age, for our public examinations, and no part of any of our websites or online platforms is directed at persons under 16 years of age. If you are under 16 years of age, then please do not use or access our websites or online platforms at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 16 years of age, if it was provided directly by them.

If you are a parent or legal guardian or carer (responsible adult) and believe your child has given us information, you can contact us at dataprivacy@apmgroup.co.uk, and we will take appropriate steps to investigate and address the issue.

If you are  under the age of 16 and have sat one of our examinations, as part of an agreement between a training organisation and your school, APMG processes your data with consent from your parent, guardian or carer (Responsible Adult) and does not transfer your data to any third party apart from the Scheme Owner that owns the qualification in question (if applicable – see Section 10 below for further information).

If you are a parent, guardian or carer (Responsible Adult)  who has signed an application form authorising the delivery of examination services to a candidate under the age of 16, APMG will retain your personal information (as provided in the application form) for a period of 5 years from completion of the application form so that we retain a record of consent for all children aged between 13-16 until such time they reach an age that parental, guardian or carer consent is no longer required.

Please note that, should the parent, guardian or carer (Responsible Adult) withdraw their consent, APMG will stop processing the personal data of the candidate under the age of 16 and therefore will be unable to verify any certification awarded to that candidate.

7. Why does APMG collect personal information?

APMG collects information for some or all of following reasons:

  • To provide services to you, for example:
    • information that identifies you, such as your name, username and email address
    • to allow you to register and sit an examination with us
    • to deliver online training you purchased from us or one of our business partners / training providers
    • after you have taken one of our educational certifications/ qualifications, to manage your certification, including validation of your certification/qualification by us
    • to provide you with any of the services available via our websites and/or online platforms.
  • To provide information about products or services you have shown interest in purchasing within a reasonable time afterwards, if you are an existing APMG customer.
  • To provide information to you about products or services you have purchased from us, or related products or services.
  • To provide information to you about our products and services if you have consented to receive it.
  • To employ you or consider you for employment.
  • To provide goods or services to you under contract.
  • For legal reasons, for example, if you have entered into a contract with us.

8. What legal basis does APMG have for processing my information?

APMG may process your information because:

  • We have a contract with you;
  • You have given us permission to do so;
  • We must provide services to you after you have purchased something from us or one of our business partners;
  • We must provide services to you because you have taken one of our qualifications;
  • To comply with the law.

All these are reasons APMG may legally process the information we have about you.

9. Where we store your personal data

We primarily store and process your personal data in the UK and EU/European Economic Area (“EEA”). If we do transfer your personal data outside the UK or EEA it will be because you have consented or because we have a legal reason to do so. Your data may also be processed by staff (who work for us) operating outside the EEA all of whom are covered by this policy.

Some examples of reasons your data may be processed outside the UK and EEA include:

  • Order fulfilment
  • Payment processing
  • Technical support services
  • Live Chat services.

If your personal data cannot be processed within the UK and EEA, we will:

  • Comply with all other data protection principles;
  • Where possible, process it in a country that is on the list of the UK Commissioners’ countries that provide adequate protections for the rights and freedoms of data subjects;
  • Make sure we have assessed the adequacy of protections in all other cases.

APMG will also transfer your personal information to the owner of the scheme qualification you have chosen to undertake and our business partner(s) from whom you have purchased our services (if any). Please see Section 10 below for more details.

By using our services, or submitting your personal data, you agree to this transfer, storing and/or processing.

10. Who might we share your information with?

APMG may share your personal information with third parties, either because you have consented to allow us to do so or for a legitimate purpose or to comply with the law. For example, we may share your personal information with:

  • The training organization who provided training to you before you took an examination (for example, to share your examination result or to deal with a complaint);
  • A scheme owner who provides an online platform for training and/or additional resources for a training course you have enrolled in;
  • Our group companies, which means our subsidiaries, or our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  • With third parties because you have given consent;
  • With third parties who provide shipping or publishing services because you have purchased goods or services;
  • On our Successful Candidate Register if you have consented;
  • Subcontractors and third parties for the purpose of the performance of a contract we hold with them or that we hold with you for a service you have chosen. They only receive data needed to provide their services to us and are required to use such data only in order to perform the services we have hired them to do (unless otherwise required by law). We have agreements with our service providers that say that they cannot use any of this data for their own purposes or for the purposes of another third party. A list of these organisations can be found here https://apmg-international.com/copyright-legal-policies.

Please note some of these organisations may be located outside UK and/or EEA, for example:

  • Taking an on-line exam at home or in the office via ProctorU
    • This service allows you to take an online exam from the comfort of your own home or office with online proctoring.  We use a third party supplier, ProctorU, to provide this service.  Their privacy policy can be seen here https://www.proctoru.com/privacy-policy For APMG test-takers, ProctorU retain any recordings from the exam session for 7 months, in line with the APMG appeals period, and other data is retained for 1 year from the last interaction with the test-taker.
  • Taking an on-line exam at home or in the office via APMG In Person Proctoring (AIPP)
  • This service allows you to take an online exam from the comfort of your own home or office using the APMG proctors, where your organisations level of security prevents you installing the software required to be proctored via ProctorU.  APMG use Zoom https://explore.zoom.us/en/privacy/ and Calendly https://calendly.com/privacy as the platform and scheduling mechanism for proctoring the exam.  APMG does not record the exam sessions.
  • Obtaining a digital badge and certificate via Credly
    • This service allows successful candidates and SFIA badge recipients to claim a digital badge to embed on an email signature, website, social media or a digital CV.  Successful candidates and those claiming SFIA badges following assessment by a SFIA Licensed Assessment Partner are required to register and accept their digital badge on Credly. A digital certificate will also be available on their personal account of successful candidates only, SFIA badges do not have a digital certificate.  Each certificate has a unique verifiable link built into it allowing individuals, teams, managers and employers to quickly validate any certificate presented electronically.  Candidates can also print their own certificate on demand from their Credly account. Their privacy policy can be seen here https://www.youracclaim.com/privacy
  • IP owners of the APMG qualification you have chosen to undertake. Please note that some Scheme Owners are based outside the UK and/or EEA as shown in the table below (if required, each organisation has its own Privacy Policy published on their website, links to which can be found on the product pages) Where APMG transfers data outside the UK and EEA, we have implemented appropriate safeguards to protect your data:
Product   Owner Location
AAB Scheme (Aerospace Auditors)   EAQG US
Agile Business Consortium Scrum Master & Product Owner   Agile Business Consortium UK
AgileBA, Agile DS, AgilePgM, AgilePM, & AgilePM for Scrum   Agile Business Consortium UK
Agile Change Agent   Agile Change Management Limited UK
Analytics Translations   GoDataDriven EEA
APMG Lean IT      APMG UK
APMP & Micro Certifications   APMP US
Artificial Intelligence   BCS UK
Artificial Intelligence Practitioner   Cyber Skills  UK
ASL   Van Haren Rights B.V. EEA
Better Business Cases   HM Treasury/Welsh Treasury UK
Business Case Development for Infrastructure Projects (BDIP)   HM Treasury/Welsh Treasury UK
Better Business Cases (If booked through New Zealand)   New Zealand Treasury New Zealand
BiSL   Van Haren Rights B.V. EEA
BRMP & CBRM   BRM Institute US
Business Agility Works   Agile Business Consortium UK
Business Resilience   Professional Resilience UK
CCP NCSC UK
CDCAT DSTL / Ploughshare / APMG UK
Certificate of Cloud Auditing Knowledge ISACA US
Certificate in Operational Risk Management (CORM) The Institute of Operational Risk (IOR) UK
Certified Data Privacy Solutions Engineer   ISACA US
Certified in Emerging Technology   ISACA US
Certified in the Governance of Enterprise IT   ISACA US
Certified Information Systems Auditor   ISACA US
Certified Information Security Manager   ISACA US
Certified Local Change Agent (CLCA)   APMG (CMI) Australia
Certified Medical Device Auditor (CMDA)   Johner Institut GmbH EEA
Certified Professional Technical Communicator   STC (Society for Technical Communication) US
Certified Public-Private Partnerships Professional (CP3P)   APMG/World Bank US
Certified in Risk and Information Systems Control   ISACA US
Chain of Responsibility – Lead Auditor   Auditor Training Services Pty Ltd Australia
Change Management   APMG (CMI) Australia
Clear Path to Cash Professional   Cash Flow Mike US
Cloud Computing   NAVICA US
Climate-Resilient Infrastructure Officer      Global Center on Adaption EEA
COBIT 5 and COBIT 2019   ISACA US
Critical Communication Capability   TSO UK
Customs Clearance Agent   The British Chamber of Commerce UK
Cyber Essentials   Capula UK
Data Literacy Fundamentals   Cybiant EEA
Data Science with Python   GoDataDriven EEA
Digital Information Design (DID)   Van Haren Rights B.V. EEA
DNV Auditor Competence   DNV EEA
DTMethod   InProgress Design Labs EEA
Earned Value   APM UK
Enterprise Big Data   The Big Data Framework BV EEA
Experience Collab   TSO UK
Facilitation   Resource Developing Business by Developing People UK
FitSM   IT Education Management Organization e.V. (ITEMO e.V.), EEA
Forest Garden Certification (FGC)   Trees for the Future US
Half Double   Half Double Institute EEA
House of PMO- Essentials for PMO Suite   House of PMO UK
IAITAM   IAITAM US
Information and Cyber Security Foundation   CIISec UK
Information Technology Certified Associate   ISACA US
International Project Management Association (IPMA)   APM (UK) and IPMA (Netherlands) EK/EEA
ISO/IEC 20000   APMG UK
ISO/IEC 27001   APMG UK
IS0 37000 Governance of Organisations   FluidRock Governance Academy South Africa
IT Risk Fundamentals   ISACA US
Lean IT Association   APMG (in association with LITA) UK
Lean Green Belt   LSSA / APMG EEA/UK
Lean Six Sigma   LSSA / APMG EEA/UK
Managing Benefits   APMG UK
Model Based System Engineering   Learning Tree US US
NCSP Specialist certifications   ITSM Solutions US
Neuroscience for Change   Sparkling Performance Ltd / Agile Change Management Ltd UK
NSCS Certified Training   NCSC UK
NCSP Specialisms, NIST Cyber Security Professional   ITSM Solutions US
OpenSM   IN.SI Srl EEA
Organizational Behaviour Management   OBM Dynamics BV EEA
PM4SD   FEST EEA
PPS   APMG UK
Praxis   Praxis Framework Limited UK
Private Brand Fundamentals   Daymon US
Process Communication   KCF EEA
Project Analytics   Projecting Success UK
Project Canvas   Antonio Nieto-Rodriguez EEA
Project Planning & Control (PPC)   APM UK
PS Professional   Positive Momentum UK
PuMP Certification   Stacey Barr Pty Ltd Australia
Robotic Process Automation   SAF Alliance EEA 
Service Automation Framework (SAF)   SAF Alliance EEA
Site Reliability Engineering (SRE)   Xebia Nederland B.V. EEA
Sourcing Governance Foundation (SGF)   APMG (IAOP) UK
Stakeholder Engagement   APMG UK
STAR Method   Notion Limited UK
Strategy Implementation Professional   Strategy Implementation Institute Singapore
Technology Business Management   Learning Tree US US
Telehealth Service Implementation Model   TSO UK
Unified Service Management (USM)   SURVUZ Foundation EEA
WISP   New View Management BV EEA

Other reasons APMG may share your personal information with a third party

If APMG or substantially all of its assets are acquired by a third party, personal data held by APMG about its customers will be one of the transferred assets of the company.

In addition, APMG will share your personal data with third parties for the following reasons:

  • If we are under a duty to disclose or share your information in order to comply with any legal obligation,
  • To enforce or apply our Website Terms of Use, Terms and Conditions of Sale, or other agreements
  • To protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • For audit purposes by National Accreditation Bodies i.e. UKAS, by whom we are accredited.

Aggregated or anonymized data with personal information removed

APMG may, from time to time, provide third parties with data that has been aggregated or anonymized.  This means that personal information that could be used to identify you has been removed from the data.  An example of this may be how many candidates have taken an exam in a country.

Data provided to third parties in this way is not personal data; however, we do respect your right to object to your data being used in this way.

Access to your stored personal data via password

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or online platform, you are responsible for keeping that password confidential. We ask you not to share passwords with anyone.

Transmission and storage of your personal data

Unfortunately, the transmission of information via the internet is not completely secure. Although we have technical and organisational measures in place to protect your data, we cannot guarantee the security of your data as it is transmitted and stored.

Transmission and storage of your personal data

Unfortunately, the transmission of information via the internet is not completely secure. Although we have technical and organisational measures in place to protect your data, we cannot guarantee the security of your data as it is transmitted and stored.

11. How long will we keep your personal information?

APMG will not retain your personal information for longer than required.

We will keep your personal information:

  • For as long as required by law
  • Until we no longer have a valid reason for keeping it
  • Until you request us to stop processing it

We will retain personal data collected for as long as required to do what we say we will in this policy, unless a longer retention period is required by law.

We may keep just enough of your personal information to ensure that we comply with your requests not to use your personal information or comply with your right to erasure. For example, we must keep your request to be erased, even if it includes your personal data, as an audit trail that requests are dealt with in accordance with UK GDPR.

If you have questions about our Data Retention Policy. Please contact: dataprivacy@apmgroup.co.uk

If you have visited an APMG website and/or registered for an online event

Purpose of Collection Data Category Data Collected Purpose for Collection Lawful basis for processing Provided by Data shared with? Retention Period
To provide information to you Web users sales leads data Name, address, email, phone number To provide information about training courses that you have requested Contractual fulfilment (art 6. (1) (b)) Data subject Training companies For as long as it is required to provide the service
Service/ product development Web user

Survey responses

Name, email address, phone number, country To develop services and products to meet the expectations and requirement of our customers Consent (art 6. (1) (b)) Data subject Campaign partners named in the campaign Until you unsubscribe from the service
Service/ product development Event attendee Name, email address  To promote our products and services Consent (art 6. (1) (b)) Data subject Campaign partners named in the campaign Until you unsubscribe from the service
Service/ product development Campaign subscriber Name, email address To promote our products and services Consent (art 6. (1) (b)) Data subject Campaign partners named in the campaign Until you unsubscribe from the service

 

If you have sat an exam with APMG

Purpose of Collection Data Category Data Collected Purpose for Collection Lawful Basis for Processing Provided by Data Shared with Retention Period
To provide information to you Web users sales leads data Name, email address, phone number To provide information about training courses that you have requested Contractual fulfilment

(art 6 (1) (b))

Data Subject Training Companies 2 years
Service / product development Web user Survey responses Name, email address, phone number, country To develop services and products to meet the

expectations and requirement of our customers.

Consent (art 6.(1) (a)) Data Subject None 2 years
Transactional Information Candidate Name* To provide examination services to an individual Contractual fulfilment

(art 6 (1) (b))

Training Company in order to register

candidate for the exam, or data subject for public exams

External Proctor, digital badge provider and scheme owners For as long as is required to verify certification**

Can only be amended by APMG

    Email address* To send notification emails to an individual Contractual fulfilment

(art 6 (1) (b))

Training Company in order to register

candidate for the exam, or data subject for public exams

External Proctor, digital badge provider and scheme owners For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Address* As an alternative method of communication Contractual fulfilment

(art 6 (1) (b))

Data subject Country only with external Proctor, and scheme owners For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Telephone number* To follow up regarding provision of examination services Contractual fulfilment

(art 6 (1) (b))

Data subject External Proctor, and scheme owners For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Candidate/

Session ID

Unique Identifier created by the candidate portal Contractual fulfilment

(art 6 (1) (b))

APMG External Proctor, and scheme owners For as long as is required to verify certification**

Cannot be changed

    Memorable word* To verify identity in case of candidate queries Legitimate interests (art 6.(1) (f)) Data subject None For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Memorable date* To verify identity in case of candidate queries Legitimate interests (art 6.(1) (f)) Data subject None For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Company For research purposes Legitimate interests (art 6.(1) (f)) Data subject External scheme owners For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Industry Sector* For research purposes Legitimate interests (art 6.(1) (f)) Data subject External scheme owners For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Successful Candidate Register preference To add the candidate to the online Successful Candidate Register, if they choose Consent (art 6 (1) (a)) Data subject None For as long as is required to verify certification**

Can be changed at any time by the candidate in the portal

    Consent preferences for

Marketing from APMG

To communicate with you about our other products Consent (art 6 (1) (a)) Data subject None Candidate can change preference at any time
    Consent preferences for

Marketing from scheme owner

To communicate with you about their other products Consent (art 6 (1) (a)) Data subject None Candidate can change preference at any time
    Accredited Training

Organisation, if applicable

Details of the training company and trainer providing the training to verify accredited training for booking exams Contractual fulfilment

(art 6 (1) (b))

Training Company External scheme owner For as long as is required to verify certification**

Cannot be changed

    Exam and Level Details of the exam being sat Contractual fulfilment

(art 6 (1) (b))

Training Company, or data subject for public exams External scheme owner For as long as is required to verify certification**

Cannot be changed

    Exam Results The exam score and pass/fail status Contractual fulfilment

(art 6 (1) (b))

APMG External scheme owner For as long as is required to verify certification**

Can only be changed by APMG in the event of a successful appeal

    Exam Certificate (if candidate passes exam) Digital certificates (for exams sat prior to 2021) Contractual fulfilment

(art 6 (1) (b))

APMG None For as long as is required to verify certification**

Cannot be changed

    E-certificate and

digital badge (if candidate passes exam)

Link to claim digital badge and e-certificate Contractual fulfilment

(art 6 (1) (b))

APMG External badge provider (only if claimed by the data subject) For as long as is required to verify certification**

Cannot be changed

    Medical Information In support of adjustments or accommodations required, due to medical reasons, during the exam Legal obligation (art 6.(1) (c) and art 9(2)(e) substantial public interest (condition 6 of the DPA 2018 Part 2 Schedule1)) Training Company, or data subject for public exams None 7 months from the certification decision date to align with our appeals period
Transactional information Parent, guardian, carer (responsible adult) Name* Evidence of consent to process data of children under the aged of 13-16 Consent (art 6 (1) (a)) Training Company None 5 years to provide evidence of consent until all ages reach 18***
Service/ product development Candidate Feedback on services provided For research purposes and to improve the services we provide Consent (art 6.(1) (a)) Candidate Only aggregated anonymised data shared 6 months, after which it is anonymised

*mandatory field

**unless the candidate exercises their right to erasure, however this does void their certification(s).

***if a parent, guardian or carer withdraws consent for us to process the personal data of a child under the agree of 16, we will stop processing and will be unable to verify the certification.

Note 1:- The data is only shared with an external proctor if the candidate sits an online proctored exam, and the data is only shared with external scheme owners if the exam sat is owned by an external scheme owner, in accordance with the table in section 10.

Note 2:- If the candidate is under the age of 16 they do not receive a digital badge and their data is not shared with an external badge provider.  We do not publish their data on the Successful Candidate Register and we also do not send marketing materials to under 16’s so their marketing preference is automatically defaulted to not receive marketing.

For schemes that are course only and have no exam, course details will be reported to APMG via an online form, for the purpose of invoicing, and may include personal data.  This information will be stored securely for 7 years

 

If you have attended a course only

Purpose of Collection Data Category Data Collected Purpose for Collection Lawful basis for processing Provided by Data Shared with? Retention Period
Transactional information Course only delegates Name, email address, To invoice for training courses attended Legitimate interests (art 6.(1) (f)) Training provider None 7 Years

 

If you have made a purchase from the APMG Store

Purpose of Collection Data Category Data Collected Purpose for Collection Lawful basis for processing Provided by Data Shared with? Retention Period
Transaction information APMG Store customers Name, email address, phone number To deliver the product purchased Contractual fulfilment (art 6.(1) (b)) Data subject Courier companies Until you delete your account
  APMG Store customers Payment card details To charge for the product purchased Contractual fulfilment (art 6.(1) (b)) Data subject Third party payment company Not retained by APMG
  APMG Store customers Name, email address, phone number To provide a receipt for the product purchased Contractual fulfilment (art 6.(1) (b)) Data subject None 7 years

 

If you are a user of one of our online portals

Purpose of Collection Data Category Data Collected Purpose for Collection Lawful basis for processing Provided by Data Shared with? Retention Period
Transaction information CDCAT Portal Users Name, email address, phone number To provide access to the tool Contractual fulfilment (art 6.(1) (b)) Data subject None For as long as is required to provide the service
  CDCAT Assessors Name, email address, company To provide access to the tool to conduct assessments Contractual fulfilment (art 6.(1) (b)) Data subject None For as long as is required to provide the service
  CDCAT Assessments Name, company* To conduct assessments Contractual fulfilment (art 6.(1) (b)) Assessors None For as long as is required to provide the service

 

 

12. THE USE OF AUTOMATED DECISION-MAKING

APMG uses automated decision-making when marking candidate exam answers.  For online and paper based exams, the exam is either marked directly by the online exam portal, or the answer sheets are scanned and marked by our exam system.  The provisional results are provided to the candidates before APMG officially releases them.  The marking algorithm is one mark per correct answer and the pass or fail result is determined by the minimum pass score for each product, which can be found on the individual product pages. Candidates can contact APMG direct to express their opinion and contest the decision, requesting human intervention to manually mark their exam answers.  Alternatively, if they attended training via one of our training companies, their training company can make this request to APMG on their behalf.  Upon request, APMG will manually mark the exam and issue a decision. The APMG decision from manually marking the exam will be final.

13. SECURITY

Once we no longer require information, we securely destroy it. We use commercially reasonable technical, organizational, and administrative measures to protect our Services against unauthorized or unlawful access or processing and against accidental loss, theft, disclosure, copying, modification, destruction, or damage. Nonetheless, we cannot guarantee that transmissions of your information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our service providers. You should not share your user name, password, or other security information for your account with anyone. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in section 15, below.

14. What if I chose not to give you my personal information?

If the personal information is necessary in order to supply goods or services to you under a contract between you and APMG or via one of our business partners, then we will not enter into that contract or provide the services or goods if you do not give us your personal information.

15. Controlling your personal information

Where you have consented to receive communications from us or are currently receiving material relating to our products or services, you may at any time ask us to cease sending you such material by contacting us.

We will not sell, distribute or lease your personal information to third parties.

APMG International is a subsidiary of The APM Group Limited. You may request details of personal information which we hold about you under the GDPR. If you would like a copy of the information held on you please contact our Data Protection Officer via dataprivacy@apmgroup.co.uk or write to:

F.A.O. Data Protection Officer

APM Group Ltd
Sword House
Totteridge Road
High Wycombe
Buckinghamshire
HP13 6DG

16. Your Rights

APMG will respect your legal rights to your data.

Below are the rights that you have under law, and what APMG does to protect those rights:

 

Legal right   What APMG does to protect your rights
The right to be informed   APMG is publishing this Privacy Notice to keep you informed about what we do with your personal information. We strive to be transparent about how we use your data.
     
The right to access   You have the right to access your information. Please contact APMG’s Data Protection Manager at dataprivacy@apmgroup.co.uk if you wish to obtain a copy of the personal information APMG holds about you. 
     
The right to rectification   If the information APMG holds about you is inaccurate or incomplete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data. Please contact us at: dataprivacy@apmgroup.co.uk. If you have an account with us via our Candidate Portal, you may also update your personal information by logging into your profile page.
     
The right to erasure   This is sometimes called ‘the right to be forgotten’. If you want APMG to erase all your personal data and we do not have a legal reason to continue to process and hold it, please contact us at: dataprivacy@apmgroup.co.uk

Please note that by exercising this right it may affect the ability to verify your qualifications.

 

     
The right to restrict processing   You have the right to ask APMG to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future. If you want us to restrict processing of your data, please contact: dataprivacy@apmgroup.co.uk
     
The right to data portability   APMG must allow you to obtain and reuse your personal data for your own purposes across services in a safe and secure way without affecting the usability of your data. If you want information on how to port your data elsewhere: please contact  dataprivacy@apmgroup.co.uk. This right only applies to personal data that you have provided to us as the Data Controller. The data must be held by us by consent or for the performance of a contract.
     
The right to object   You have the right to object to APMG processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for the purposes of statistics. If you wish to object please contact: dataprivacy@apmgroup.co.uk
     
The right to withdraw consent   If you have given us consent to process your data but change your mind as you have the right to withdraw your consent at any time, APMG must stop processing your data. If you want to withdraw your consent, please contact: dataprivacy@apmgroup.co.uk. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
     
The right to complain to a Supervisory Authority   You have the right to complain to the ICO if you feel that APMG has not responded to your requests in a reasonable time to solve a problem. their contact details can be found here: https://ico.org.uk/concerns/. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

If you have any issues or concerns or just want to provide feedback regarding this Privacy Notice, or any of APMG’s data processing activities, please contact the Data Protection Officer at dataprivacy@apmgroup.co.uk 

17. Links to Other Websites

Our websites and online platforms may contain links to other websites. Anonymous visit or session information may be passed to other websites for the web usage information purposes described above. None of this information can be related to an individual user of the website. The operators of other sites may collect information from you, which will be used by them in accordance with their own terms and conditions, and privacy policies.

This privacy notice applies only to our websites and online platforms. We are not responsible for privacy practices within any other website. You should always be aware of this when you leave this website and we encourage you to read the privacy statement on all other websites that you visit.

18. Changes to Our Privacy Policy

We may update or amend this Privacy Policy from time to time, to comply with law or to meet our changing business requirements. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Any updates or amendments will be posted on the APMG International website. We encourage you to review the APMG International website regularly for the latest information on our privacy practices. By continuing to access our websites and/or online platforms or using any of our services, your access and use will be subject to these updates and amendments.

Rate your experience with us...

Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Select any filter and click on Apply to see results